Hi....

How much longer before the repositories for 10.10 are shut down?

Regards...

If the edition will no longer be receiving security updates, I'd say that's reason enough to move off it as soon as possible.

It should be stated, that just because a *buntu release has reached EOL, doesn't mandate that one should stop using it in favor of a newer release.

There are people still running 6.06 (and earlier ?). If your needs are satisfied with the release you are using, keep using it. If your hardware works with the release you are using, and you are satisfied, keep using it.

With that said, the only real reason that one would 'have' to upgrade is because the version one is running no longer meets their requirements, or is no longer providing the functionality needed.

Keeping one's system free of security vulnerabilites sounds like a basic requirement, no?

(Do realize that my view here is intentionally prejudiced. Having worked so long in information security, it's difficult for me to consider the alternative!)

Sure. But the real world security risk on a properly run (read:root account not enabled] *buntu OS is low, even very low.

I understand your POV, so you would be a good one to ask.

Just how much difference, if any, does it make in a lot of real world situations? I currently have two boxes with Linux. This one with Kubuntu 8.04, and another one with Ubuntu Server 10.04 running KDE (as a desktop machine - I wouldn't use a GUI on a server). As Snowhog mentioned
Exactly. How likely am I to get infected by clicking on a bad link? I'm not sure how otherwise someone could get the upper hand on my Linux systems. For one thing, as usual in many areas, you need to get past multiple layers of NAT. I am aware of two levels in addition to my own router. All users in my town, and the one next to me, by the way, all have the same outward facing IP.

PS: Just to be argumentative there are also other considerations such as if one is running any servers at all. As it happens I do on my Linux machines, but my main DOS box is impenetrable (thinks I) despite being connected 24/7. One could theoretically run a serverless Buntu system as well. No?

I have a Remastersys of my tweaked MM on a cd and a 16 gig SeaGate with MM on it and it works just fine, thank you very much. One does not need to do "updates" to an OS that "just works" as long as the net will "allow" FF to get online then it "should work" just fine for the next decade and that is why the hd will sit safely in a box in case that it is ever needed.

woodsmoke

Risk isn't an absolute value. What you do with a machine, what it can access, and how much access it allows, all factor into making a risk assessment. You can install the most vulnerability-ridden piece of crap available and never connect it to a network -- well, that's still pretty secure, until you loan it to someone else

Conversely, I've seen forms of malware that get into machines via very stealty mechanisms, like steganography, and then take over from the inside. Such malware can be programmed to seek out multiple vulnerabilities that wouldn't ordinarily be visible over a network connection. NAT boxes and firewalls are powerless to stop these attacks.

Probably the riskiest aspect of using older software is the fact that it's no longer maintained. Over time, software improves. Developers get better at understanding how software can be abused and increase the resilency of their code. Sometimes better software becomes available via updates; sometimes it becomes available only in new versions. Once a piece of code falls off the update schedule, you gradually lose the ability to predict how that code behaves when subjected to unexpected conditions.

A bit of planned downtime for maintenance (installing updates) is always preferable to unplanned downtime that resulted from getting attacked.

http://packages.ubuntu.com/
Old releases: http://www.kubuntuforums.net/showthr...c-repositories

Thanks, OneLine.